mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 10:53:43 +00:00
4.1 KiB
4.1 KiB
title, description, ms.collection, ms.date, appliesto, ms.topic
| title | description | ms.collection | ms.date | appliesto | ms.topic | |||
|---|---|---|---|---|---|---|---|---|
| Windows Hello for Business Deployment Prerequisite Overview | Overview of all the different infrastructure requirements for Windows Hello for Business deployment models |
|
12/13/2022 |
|
article |
Windows Hello for Business Deployment Prerequisite Overview
This article lists the infrastructure requirements for the different deployment models for Windows Hello for Business.
Azure AD Cloud Only Deployment
- Azure Active Directory
- Azure AD Multifactor Authentication
- Device management solution (Intune or supported third-party MDM), optional
- Azure AD Premium subscription - optional, needed for automatic MDM enrollment when the device joins Azure Active Directory
Hybrid Deployments
The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process.
| Requirement | cloud Kerberos trust Group Policy or Modern managed |
Key trust Group Policy or Modern managed |
Certificate Trust Mixed managed |
Certificate Trust Modern managed |
|---|---|---|---|---|
| Windows Version | Any supported Windows client versions | Any supported Windows client versions | Any supported Windows client versions | |
| Schema Version | No specific Schema requirement | Windows Server 2016 or later schema | Windows Server 2016 or later schema | Windows Server 2016 or later schema |
| Domain and Forest Functional Level | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
| Domain Controller Version | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
| Certificate Authority | N/A | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
| AD FS Version | N/A | N/A | Any supported Windows Server versions | Any supported Windows Server versions |
| MFA Requirement | Azure MFA, or AD FS w/Azure MFA adapter, or AD FS w/Azure MFA Server adapter, or AD FS w/3rd Party MFA Adapter |
Azure MFA tenant, or AD FS w/Azure MFA adapter, or AD FS w/Azure MFA Server adapter, or AD FS w/3rd Party MFA Adapter |
Azure MFA tenant, or AD FS w/Azure MFA adapter, or AD FS w/Azure MFA Server adapter, or AD FS w/3rd Party MFA Adapter |
Azure MFA tenant, or AD FS w/Azure MFA adapter, or AD FS w/Azure MFA Server adapter, or AD FS w/3rd Party MFA Adapter |
| Azure AD Connect | N/A | Required | Required | Required |
| Azure AD License | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required |
On-premises Deployments
The table shows the minimum requirements for each deployment.
| Key trust Group Policy managed |
Certificate trust Group Policy managed |
|---|---|
| Any supported Windows client versions | Any supported Windows client versions |
| Windows Server 2016 Schema | Windows Server 2016 Schema |
| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
| Any supported Windows Server versions | Any supported Windows Server versions |
| Any supported Windows Server versions | Any supported Windows Server versions |
| Any supported Windows Server versions | Any supported Windows Server versions |
| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |